(00:09:05) “[…] it's OK to specialize, you don't have to know everything. And I think in today's age, it's obscene. You just wouldn't be able to know everything, you know. And I think this is expectation that, oh, you know, if you're a pentester, you need to know everything. I know a lot of good pentesters (who won't admit it) but they don't know the Cloud. They don't know the real Cloud. I would if I was doing it now, I'd look for what really gets me excited […] So I think pick what really gets you excited and concentrate on that. Ignore what everyone else thinks. They don’t matter. What matters is what you're going to pull your effort into.”

Stu had the pleasure of listening to the incredibly humbling story of Daniel Cuthbert. He is a co-author of the OWASP ASVS standard and currently holds the position of Global Head of Security Research for a large corporate.

This incredible conversation touches on the following subjects:

  • OWASP and the humbling journey till now
  • Times when the World Wide Web was not a thing
  • Importance of self-development
  • How to start in hardware (some great advice there!)
  • Money vs job satisfaction
  • Threat modelling and bug bounties
  • Experiencing Chernobyl as a creative
  • Photography in a conflict zone
  • Court case and changes to the Computer Misuse Act 1990
  • Con talks and how to properly prepare for those


(01:06:13) “…submit it and if you see who's on the review board and you want help, reach out. And my offer still stands. My DMs are open. […] But I will, you know, if I can help the submission, understand it and help you rewrite it and go from that, it doesn't have to be for Black Hats or BruCON or DEFCON or 44CON that I am involved in - it could be for any con”

